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WHAT IS CLAIMED IS: 



irson 



"^V -^yl . A person authentication system for executing 
authentication by comparing a template with sampling 
information, the template being person authentication data, 
and the sampling information being input by a /iser, the 
person authentication system comprising; 

a person authentication authority issuing a person 
authentication certificate storing teipplate information 
including the template ; and 

a person authentication exeodtion entity obtaining the 
template from the person authentication certificate issued 
by said person authentication authority and executing person 
authentication on the bas/s of the obtained template; 

wherein the person /authentication certificate issued by 
said person authentication authority stores usage 
restriction information which includes at least either a 
certificate expiration date or a certificate usage number 
limit ; and 

said persfcm authentication execution entity checks the 
validity of /the person authentication certificate on the 
basis of the certificate expiration date or the certificate 
usage number limit when the person authentication is 
executed on the basis of the person authentication 
certificate . 
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A person authentication system according to /Claim 1, 
wh^fein said person authentication execution entiW checks 
the validity of the person authentication certificate on the 
basis of a certificate expiration date or a certificate 
usage number limit in person authenticatioiy processing on 
the basis of the person authentication certificate, and then 
executes the person authentication by comparing the template, 
stored in the person authentication certificate, with 
sampling information input by a user on the condition that 
the validity of the person authentication certificate has 
been confirmed on the basis of Jche certificate expiration 
date or the certificate usage/number limit. 



3. A person authentication system according to Claim 1, 
wherein said person authentication execution entity has a 
person authentication executing device, and the person 
authentication executing device executes the following 
processing when usage restriction information of a 
certificate usage /number limit is stored in a person 
authentication certificate : 

storing a set usage count in a memory of the person 
authentication executing device; 

updating/ usage count data stored in the memory every 
time the penson authentication certificate is used; 
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etermining whether the usage count data is witjflin the 
ts of the set usage count of the person autheiycication 
certificate; and 

executing person authentication by comparing user input 
sampling information with a template stored xn the person 
authentication certificate if the usage coijnt data is within 
the certificate usage number limit. 



4. A person authentication system/ according to Claim l f 
wherein a person identification certificate issued by said 
person identification certificate authority stores a 
template expiration date which is/ information on an 
expiration date of the template/stored in the person 
identification certificate; ar 

said person authentication execution entity checks the 
validity of the template on/ the basis of the template 
expiration date in person /authentication processing on the 
basis of the person authentication certificate. 



5. A person authentication system according to Claim 1, 
wherein said person /authentication execution entity checks 
the validity of a template on the basis of a template 
expiration date in person authentication processing on the 
basis of the person authentication certificate, and then 
executes the person authentication by comparing the template. 
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f sxored in the person authentication certificate ^with 
sampling information input by a user on the condition that 
the validity of the template expiration date yfaas been 
confirmed. 



6. A person authentication system according to Claim 1, 
wherein said person authentication execution entity 
functions as an information processing apparatus, and the 
information processing apparatus checks the validity of the 
template expiration date or the expiration date of a person 
authentication certificate whichr is set in the certificate 
stored in the information processing apparatus and then 
outputs a request for issuing the person authentication 
certificate to said person /Identification certificate 
authority which issues th/6 person authentication certificate 
when the validity can nc/t be confirmed; 

said person identification certificate authority makes 
the person authentication certificate in which a new 
expiration date is yset and then issues the person 
identification certificate to the information processing 
apparatus ; and 

the information processing apparatus has storage means 
and stores the? person identification certificate, which is 
issued by said person identification certificate authority, 
in the storage means . 
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/ 7. A person authentication system according to Claim 1, 
wherein said person identification certificate authority 
checks the validity of a template expiration date or an 
expiration date of an issued person identification 
certificate, and then gives notice to an entity received the 
person identification certificate of wh^ch a expiration date 
is approaching . 



8 . A person authentication system according to Claim 1 , 
wherein said person identification certificate authority 
receives a request for updating an issued person 
authentication certificate from an entity received the 

/ 

person identification certificate, makes a person 
authentication certificate in which a updated expiration 
date or a updated certificate usage number limit is set 
according to the request, and then issues the person 
authentication certificate . 




9 . A person authentication system according to Claim 1 , 
wherein said person identification certificate authority 
receives a request for updating the template, stored in a 
person identification certificate which has been issued, 
from an authenticated user of a person identification 
certificate; and 
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(j said person identification certificate authority 
nullifies the person identification certificate /according to 
the request and then makes a person identif icaxion 
certificate on the basis of a updated template. 



10. A person authentication system according to Claim 1, 
wherein said person identification certificate authority 
receives data of a request for setting a template expiration 
date from an authenticated user of a person identification 
certificate, and then makes a per^/n identification 
certificate in which a template expiration date is set on 
the basis of the data of the request for setting a template 
expiration date. 



11. A person authentication system according to Claim 1, 
wherein said person ident^if ication certificate authority and 
said person authentication executing entity execute mutual 
authentication, when data communication is performed 
therebetween, a data/transmitter puts a digital signature on 
transmitted data, ^nd a data receiver verifies the digital 
signature . 



12. A person authentication system according to Claim 1, 
wherein the template is personal biotic information such as 
fingerprint information , retina pattern information, iris 
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ir* pattern information, voice print inf ormation ,/ and 
/handwriting information ; 

personal nonbiotic information such qls seal information, 
passport information, driver's license information, and card 
information ; 

any combination of the personal /biotic information and 
the personal nonbiotic information; or 



/ 



a combination of the above information and a password 



13. A person authentication system according to Claim 1, 
wherein said person identification certificate authority 
puts a digital signature on/a person authentication 
certificate issued by saicy person identification certificate 
authority. 



14. A person authentication method for executing person 
authentication by comparing a template with sampling 
inf ormation, the template being person authentication data, 
and the sampling information being input by a user, the 
person authentication method comprising: 

causing a person authentication authority to issue a 
person authentication certificate storing template 
information including the template; 

causing/ a person authentication execution entity to 
obtain the ^template from the person authentication 
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certificate issued by the person authentication authority 
and to execute person authentication on the basis/of the 
obtained template; 

storing usage restriction inf ormation , wbfich includes 
at least either a certificate expiration da;ce or a 
certificate usage number limit, in the peirson authentication 
certificate issued by the person authentication authority , 
and 

causing the person authentication execution entity to 
check the validity of the person authentication certificate 
on the basis of the certificate expiration date or 

/ 

certificate usage number limit yin person authentication 
processing on the basis of the person authentication 



./ 



certificate , 



/ 



15. A person authentication method according to Claim 

/ 

14, wherein a person authentication execution entity checks 
the validity of the person authentication certificate on the 
basis of a certificate expiration date or a certificate 
usage number limit /in person authentication processing on 
the basis of the person authentication certificate, and then 
executes the person authentication by comparing the template, 
stored in the person authentication certificate, with 
sampling information input by a user on the condition that 
the validity/ of the person authentication certificate has 



• * 
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en confirmed on the basis of the certif icate/expiration 
date or the certificate usage number limit. / 

16. A person authentication method ^according to Claim 
14, wherein a person authentication execution entity has a 
person authentication executing device, and the person 
authentication executing device executes the following 
processing when usage restriction information of a 
certificate usage number limit/ is stored in a person 
authentication certificate: / 

storing a set usage count in a memory of the person 
authentication executing clevice; 

updating usage couiyc data stored in the memory every 
time the person authentication certificate is used; 

determining whether the usage count data is within the 
limits of the set usage count of the person authentication 
certificate; and / 

executing person authentication by comparing sampling 
information, input by a user, with a template stored in the 
person authentication certificate if the usage count data is 
within the limits . 

17. A/ person authentication method according to Claim 
14, wherefin the person identification certificate authority 
stores a template expiration date, which is information on 
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(jl api expiration date of a template stored in a Aerson 

identification certificate made by the pergon identification 
certificate authority; and 

a person authentication execution efiitity checks the 
validity of the template on the basis /of a template 
expiration date in person authentication processing on the 
basis of the person autheniiicatiory certificate. 

18. A person authentication! method according to Claim 
17 , wherein the person authentication execution entity 
checks the validity of a template on the basis of a template 
expiration date in person authentication processing on the 
baSiS o £ . person ^jL^. «~ - «™ 
executes the person authentication by comparing the template, 
stored in the person authentication certificate, with 
sampling information /input by a user on the condition that 
the validity of the/template expiration date has been 
confirmed. 

19. A person authentication method according to Claim 
14, wherein saad person authentication execution entity 
functions as Van information processing apparatus; 

the information processing apparatus checks the 
validity of/ a template expiration date or a expiration date 
of a person authentication certificate which is set in the 
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son authentication certificate stored in the/apparatus, 
and then outputs a request for issuing the person 
authentication certificate to a person identification 
certificate authority which issues the peyson authentication 
certificate when the validity can not be/ confirmed; 

the person identification certificate authority makes 
the person authentication certificate in which a new 
expiration date is set and then issues the person 
identification certificate to the/inf ormation processing 
apparatus ; and 

the information processing apparatus has storage means 
and stores the person identification certificate, which is 
issued by the person identification certificate authority, 
in the storage means . 



20. A person authentication method according to Claim 
14, wherein the person identification certificate authority 
checks the validity/ of a template expiration date or an 
expiration date oy an issued person identification 
certificate, and/ then gives notice to an entity received the 
person identification certificate of which a expiration date 
is approachin< 



21. A person authentication method according to Claim 
14, wherein the person identification certificate authority 
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ceives a request for updating an issued person 
authentication certificate from an entity/received the 
person identification certificate, then /issues a person 
authentication certificate in which a /updated expiration 
date or a updated certificate usage iiumber limit is set 
according to the request, and issues a certificate usage 
number limit . 

22. A person authenticati/bn method according to Claim 
14, wherein the person identification certificate authority 
receives a request for updating a template, stored in a 
person identification certificate which has been issued, 
from an authenticated uper of a person identification 
certificate ; and 

the person identification certificate authority 
nullifies the persoA identification certificate according to 
the request and then makes a person identification 
certificate on tne basis of a updated template. 



23. A person authentication method according to Claim 
14, wherein ytie person identification certificate authority 
receives dat/a of a request for setting a template expiration 
date from gfn authenticated user of a person identification 
certificate, and then makes the person identification 
certificate in which a template expiration date is set on 
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fl /the basis of the data of the request for settling a template 
expiration date - 

24. A person authentication method /according to Claim 
14, wherein the person identification/certificate authority 
and the person authentication executing entity executes 
mutual authentication, when data commun ication is performed 
therebetween, a data transmitter/puts a digital signature on 
transmitted data, and a data receiver verifies the digital 
signature . 

25. An information processing apparatus for executing 
person authentication by comparing a template with sampling 
information, the template being person authentication data, 
and the sampling information being input by a user, the 
information processing apparatus comprising: 

a section for storing the template to execute person 
authentication on the basis of a person authentication 
certificate issued/by a person authentication certificate 
authority which is a third party; and 

a section for checking the validity of the person 
authentication certificate on the basis of a certificate 
expiration date or certificate usage number limit in person 
authentication processing on the basis of the person 
authenticatio/n certificate, and then executes the person 
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thentication by comparing the template, scored in the 
person authentication certificate, with tne sampling 
information input by a user on the condition that the 
validity of the person authentication certificate has been 
confirmed on the basis of the certificate expiration date or 
certificate usage number limit. 

26. An information processing apparatus for executing 
person authentication by comparing a template with sampling 
information, the template being/ person authentication data, 
and the sampling information being input by a user, the 
information processing apparatus comprising: 

a section for storing the template to execute person 
authentication on the basis/ of a person authentication 
certificate issued by a person authentication certificate 
authority which is a thi^/ party; 

a section for executing the following processing when 
usage restriction information of valid certificate usage 
number is stored in a person authentication certificate: 
storing a set usage count in a memory of the device; 
updating usage county data stored in the memory every time 
the person authentication certificate is used; determining 
whether the usage icount data is within the limits of the set 
usage count of the person authentication certificate; and 

executing person authentication by comparing user input 
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pling information with a template stored in the person 
authentication certificate if the us^ge count data is within 
the limits. 

27. An information processing/ apparatus for executing 
person authentication by comparing a template with sampling 
information, the template toeing person authentication data, 
and the sampling information being input by a user, the 
information processing apparatus comprising: 

a section for storing the/ template to execute person 
authentication on the basis of a person authentication 
certificate issued by a person authentication certificate 
authority which is a third party; and 

a section for checking the validity of the template on 
the basis of the template /expiration date in person 
authentication processing on the basis of the person 
authentication certificate, and then executes the person 
authentication by comparing the template, stored in the 
person authentication certificate, with sampling information 
input by a user on the condition that validity of the 
template expiration date has been confirmed. 

28. A program providing medium for proving a computer 
program which executes person authentication on the computer 
program by comparing a template with sampling information. 
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h tp template being person authentication data, and the 
sampling information being input by a u§*er, 
the computer program comprising: 

a step of confirming whether usefge restriction 
information, which includes either /a certificate expiration 
date, a certificate usage number Aimit, or a template 
expiration date, is stored in a /person authentication 
certificate issued by a person/ authentication certificate 
authority; 

a step of checking the /validity of the person 
authentication certificate/ on the basis of the certificate 
expiration date, the certificate usage number limit, or the 
template expiration date in person authentication processing 
on the basis of the person authentication certificate; and 

a step of executing the person authentication by 
comparing the template, stored in the person authentication 
certificate, with /sampling information input by a user on 
the condition that the validity of the person authentication 
certificate has/been confirmed on the basis of the 
certificate expiration date, certificate usage number limit. 



7 

or the template expiration date, 



